From 13b0a3dc163dd769667f3fe2487db95ee99d0844 Mon Sep 17 00:00:00 2001
From: Brendan <2bndy5@gmail.com>
Date: Wed, 12 Nov 2025 05:21:57 -0800
Subject: [PATCH] chore(dev): use trusted publishing for npm deployments

npm finally rolled out trusted publishing
---
 .github/workflows/node-js-packaging.yml | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/node-js-packaging.yml b/.github/workflows/node-js-packaging.yml
index cd2147a..0063746 100644
--- a/.github/workflows/node-js-packaging.yml
+++ b/.github/workflows/node-js-packaging.yml
@@ -308,7 +308,7 @@ jobs:
     name: Publish
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      # needed for trusted publishing
       id-token: write
     needs:
       - build-freebsd
@@ -341,9 +341,4 @@ jobs:
       - name: Publish
         if: startsWith(github.ref, 'refs/tags/')
         working-directory: bindings/node
-        run: |
-          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
-          npm publish --access public --provenance true ${{ contains(github.ref_name, '-rc') && '--tag next' || '' }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm publish ${{ contains(github.ref_name, '-rc') && '--tag next' || '' }}